Upcoming EU data law will make Europe tricky for Facebook

Must gain explicit consent to use your data

EU-ro-crats are mulling new data protection laws that could make Europe a hostile place for Facebook and other social networks.

The EU Justice Commissioner Viviane Reding and the German Federal Minister for Consumer Protection, Ilse Aigner, met in Brussels for a consultation this week to draw up proposals for the EU's new data protection directive to be presented in January 2012.

Their ambitions should already be sending tremors back to Zuckerberg's headquarters in Palo Alto - just as Reding promised in an earlier Reg interview. These goals in particular will cause trouble:

EU law should require that consumers give their explicit consent before their data are used. And consumers generally should have the right to delete their data at any time, especially the data they post on the internet themselves.

How the detail plays out will be crucial – for example the meaning of "deleted". Facebook famously stores all its data forever, though that data isn't available to users. Google is also likely to run into trouble over the idea of gaining a user's "explicit consent" before using their data. However the specifics fall out, it looks like EU is gearing up for a clash and fall only just short of outright naming Facebook when it states the width of its remit.

We both believe that companies who direct their services to European consumers should be subject to EU data protection laws. Otherwise, they should not be able to do business on our internal market. This also applies to social networks with users in the EU.

EU law will be enforced even if the company is based in a third country and has its data centres outside the EU, the statement reaffirmed.

Current EU data protection laws are due an upgrade, as the last Data Protective Directive dates from 1995.